ACMA hones in on malware with internet security portal

The Australian Communications and Media Authority has launched its Australian Internet Security Initiative portal to give internet service providers access to information about what IPs in their networks are infected by malware.

After nearly nine years in the works, the Australian Communications and Media Authority's (ACMA) Australian Internet Security Initiative (AISI) portal has been officially launched.

The AISI is an online self-service portal aimed to give participating internet service providers (ISPs) easy access to information about infected IPs in their networks, including comparative data between their own and other networks involved in the AISI. They will be able to view a snapshot of the AISI's up-to-date information and source specific information about any compromises. This will mean that participating ISPs and education institutions will no longer have to wait for daily reports, which the ACMA previously provided via email.

In turn, the AISI portal will give ISPs the opportunity to inform their customers about their compromised devices and help them remediate it.

The data that the ACMA feeds through the portal is collected from 17 organisations, including Microsoft, The Shadowserver Foundation, and Team Cymru. Approximately 70,000 "observations" of malware have since been been received and processed through the portal.

Julia Cornwell McKean, manager of ACMA's internet security programs section, said the essence of the program has been to identify compromised devices so that ISPs and consumers can take steps to resolve the issue and protect themselves.

"It's important that we recognise the internet we use for the home and by small business users has evolved exponentially since the early days of the AISI, and that is why the AISI needs to move with the time. Through the AISI portal, the ACMA is responding to this evolution," she said.

The AISI was originally trialled in November 2005 with six Australian ISPs: Telstra, BigPond, OptusNet, Westnet, Uecomm, Pacific Internet, and West Australian Networks. Following an evaluation of the trial in mid-2006, an extended rollout of the AISI was announced in October that same year, which has since seen a total of 139 members join, including 18 universities.

A third of its 139 participants that were part of the portal's pre-launch have signed up to the portal, McKean said.

According to McKean, the most prominent forms of malware that have been recorded by the ACMA are Zero Access, designed for the purpose of click fraud, which occurs 6,000 times a day, and Zeus, a banking Trojan, which occurs 3,000 times a day.